CVE-2011-3401

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

38.8%

top 2.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows XP

Timeline

PublishedDec 14

Latest updateMay 14

Description

ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_xp2005

🔴Vulnerability Details

GHSA

GHSA-fpc5-jwwv-g522: ENCDEC↗2022-05-14

▶

CVEList

CVE-2011-3401: ENCDEC↗2011-12-14

▶